Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

675b62e524...80.exe

windows7-x64

10

675b62e524...80.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    138s
  • max time network
    154s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    21/11/2024, 00:03 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    675b62e5244165016f640d4f871401aa628522b5e755137dfcb1fb684bd0a380.exe

  • Size

    361KB

  • MD5

    ebfd56da0108874abf3d933068092e98

  • SHA1

    f369dd037e8df5f868a6a0f45f511e590bbf609c

  • SHA256

    675b62e5244165016f640d4f871401aa628522b5e755137dfcb1fb684bd0a380

  • SHA512

    27b9bbd8631b2efd0d985dcde608b260e3fa08ef3317f7115c76686771747d28a59fd25145e7e5ad05e4021a662f0a71d2cf554365adf6a65e09950bbdf55614

  • SSDEEP

    6144:QWXIwVZNNuh5pVI7Lf36g3uLcxjmkoVvLg+4wnS9+RR1eis3f1k:PNE5pVI7z36g3uIxjmhVvxnY+71Xge

Score
10/10
emotetepoch3bankerdiscoverytrojan

Malware Config

Extracted

Family

emotet

Botnet

Epoch3

C2

221.147.142.214:80

188.40.170.197:80

51.38.50.144:8080

46.22.116.163:7080

190.151.5.131:443

58.27.215.3:8080

179.5.118.12:80

73.100.19.104:80

192.210.217.94:8080

192.163.221.191:8080

103.93.220.182:80

91.213.106.100:8080

190.192.39.136:80

115.79.59.157:80

190.164.135.81:80

91.83.93.103:443

188.166.220.180:7080

116.202.10.123:8080

36.91.44.183:80

77.74.78.80:443
rsa_pubkey.plain
1
-----BEGIN PUBLIC KEY-----
2
MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhAM/TXLLvX91I6dVMYe+T1PPO6mpcg7OJ
3
cMl9o/g4nUhZOp8fAAmQl8XMXeGvDhZXTyX1AXf401iPFui0RB6glhl/7/djvi7j
4
l32lAhyBANpKGty8xf3J5kGwwClnG/CXHQIDAQAB
5
-----END PUBLIC KEY-----

Signatures

  • Emotet

    Emotet is a trojan that is primarily spread through spam emails.

    trojanbankeremotet
  • Emotet family
    emotet
  • Emotet payload 3 IoCs

    Detects Emotet payload in memory.

    trojanbanker
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\675b62e5244165016f640d4f871401aa628522b5e755137dfcb1fb684bd0a380.exe
    "C:\Users\Admin\AppData\Local\Temp\675b62e5244165016f640d4f871401aa628522b5e755137dfcb1fb684bd0a380.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    PID:1628

Network

    No results found
  • 221.147.142.214:80
    675b62e5244165016f640d4f871401aa628522b5e755137dfcb1fb684bd0a380.exe
    152 B
     3
  • 221.147.142.214:80
    675b62e5244165016f640d4f871401aa628522b5e755137dfcb1fb684bd0a380.exe
    152 B
     3
  • 188.40.170.197:80
    675b62e5244165016f640d4f871401aa628522b5e755137dfcb1fb684bd0a380.exe
    152 B
     120 B
     3
    3
  • 188.40.170.197:80
    675b62e5244165016f640d4f871401aa628522b5e755137dfcb1fb684bd0a380.exe
    152 B
     120 B
     3
    3
  • 51.38.50.144:8080
    675b62e5244165016f640d4f871401aa628522b5e755137dfcb1fb684bd0a380.exe
    152 B
     120 B
     3
    3
  • 51.38.50.144:8080
    675b62e5244165016f640d4f871401aa628522b5e755137dfcb1fb684bd0a380.exe
    152 B
     120 B
     3
    3
  • 46.22.116.163:7080
    675b62e5244165016f640d4f871401aa628522b5e755137dfcb1fb684bd0a380.exe
    152 B
     3
  • 46.22.116.163:7080
    675b62e5244165016f640d4f871401aa628522b5e755137dfcb1fb684bd0a380.exe
    152 B
     3
  • 190.151.5.131:443
    675b62e5244165016f640d4f871401aa628522b5e755137dfcb1fb684bd0a380.exe
    152 B
     3
  • 190.151.5.131:443
    675b62e5244165016f640d4f871401aa628522b5e755137dfcb1fb684bd0a380.exe
    152 B
     3
No results found

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1628-5-0x00000000003B0000-0x00000000003CB000-memory.dmp

    Filesize

    108KB

    Download

  • memory/1628-4-0x0000000000370000-0x000000000038A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/1628-0-0x0000000000390000-0x00000000003AC000-memory.dmp

    Filesize

    112KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.